[Git][security-tracker-team/security-tracker][master] Reserve DSA for roundcube update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 27 09:36:24 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4936279e by Salvatore Bonaccorso at 2018-04-27T10:35:36+02:00
Reserve DSA for roundcube update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8141,6 +8141,7 @@ CVE-2018-1000072 (iRedMail version prior to commit f04b8ef contains a Insecure .
 	NOT-FOR-US: iRedMail
 CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permissions ...)
 	- roundcube <unfixed> (unimportant; bug #897014)
+	[stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2
 	NOTE: https://github.com/roundcube/roundcubemail/issues/6173
 	NOTE: https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5
 	NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,6 @@
+[27 Apr 2018] DSA-4181-1 roundcube - security update
+	{CVE-2018-9846}
+	[stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2
 [25 Apr 2018] DSA-4180-1 drupal7 - security update
 	{CVE-2018-7602}
 	[jessie] - drupal7 7.32-1+deb8u12


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -88,10 +88,6 @@ ruby2.3/stable
   Santiago will prepare an update
   work-in-progress: https://salsa.debian.org/ruby-team/ruby/tree/stretch-security-wip
 --
-roundcube (carnil)
-  Guilhem Moulin proposed an update in https://bugs.debian.org/895184, needs review and ack
-  Update should include as well the no-dsa tagged fix for CVE-2018-1000071
---
 sdl-image1.2
   Felix Geyer (debfx) working on updates
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4936279e43dbc1a36c8799ccc6e74247c7d1bd5d

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4936279e43dbc1a36c8799ccc6e74247c7d1bd5d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180427/31c896e5/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list